Analysis
max time kernel: 51s
max time network: 60s
platform: windows7_x64
resource: win7-20220414-en
submitted: 15-06-2022 17:10
Static task: static1

Behavioral task: behavioral1
Sample: 2891b08c134238beeb08582e3465d77c0fff2ac4bf2cd67162b7402b7246ace4.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 2891b08c134238beeb08582e3465d77c0fff2ac4bf2cd67162b7402b7246ace4.exe
Resource: win10v2004-20220414-en
General
Target: 2891b08c134238beeb08582e3465d77c0fff2ac4bf2cd67162b7402b7246ace4.exe
Size: 1.7MB
MD5: ad389201c02e4edbeff9b26be6b0ea58
SHA1: 08b174b3890840b275aec4b6942772c61e07f4e4
SHA256: 2891b08c134238beeb08582e3465d77c0fff2ac4bf2cd67162b7402b7246ace4
SHA512: b30a496bed466136c662f9b69b9504161203458d9fc5e5afbce6175a446402526705eb9c82637e6d4bcd264b26978704829786cb8ea5e6030fc6dedef611cd82
Malware Config
Signatures
suricata: ET MALWARE Legion Loader Activity Observed (suspira)
Legitimate hosting services abused for malware hosting/C2 (1 TTPs)
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious behavior: EnumeratesProcesses (1 IoCs)
  pid: 1976  Process: 2891b08c134238beeb08582e3465d77c0fff2ac4bf2cd67162b7402b7246ace4.exe